1. In computer network interconnecting a client system, a proxy system, and a
server system, wherein data exchanged over the computer network is subject to being
compromised, a method of negotiating, through the proxy system, a secure end-to-end
connection between the client system and the server system, wherein the client system
securely authenticates to the proxy system, the method comprising the acts of: 

receiving a request from the client system for a secure connection between 
the client system and the proxy system; 

establishing a secure connection between the client and proxy systems; 

receiving a request from the client system for a secure end-to-end connection 
with the server system; 

forwarding the client system request for a secure end-to-end connection to the 
server system; and 

downgrading the secure connection between the client system and the proxy
system to be insecure after the secure end-to-end connection is established, whereby
the secure end-to-end connection is encapsulated within the insecure client-proxy
connection.

2. A method as recited in claim 1 further comprising the acts of:
issuing an authenticate challenge to the client system; and 

receiving, over the secure client-proxy connection, proper authentication 
credentials from the client system. 

3. A method as recited in claim 2 wherein the authenticate challenge issued to 
the client system is one of a basic and a digest authenticate challenge.

4. A method as recited in claim 1 wherein at least one of the secure client-proxy
connection and the secure end-to-end connection is certificate based.

5. A method as recited in claim 4 wherein at least one of the secure client-proxy 
connection and the secure end-to-end connection is one of a secure sockets layer and a 
transport layer security connection. 

6. A method as recited in claim 1 further comprising the act of sending a
certificate to the client system, wherein the certificate may be used to verify the identity of 
the proxy system. 

7. A method as recited in claim 1 further comprising the act of receiving proper 
authentication credentials from the client system, wherein the proper authentication 
credentials received from the client system are certificate based. 



8. A method as recited in claim 1 further comprising the act of transferring data 
between the client system and the server system through the secure end-to-end connection. 

9. A method as recited in claim 1 wherein downgrading the secure connection 
between the client system and the proxy system to be insecure comprises the act of setting 
the cipher set for the connection to be a null cipher. 

10. A method as recited in claim 1 wherein the request for a secure end-to-end 
connection comprises a hypertext transfer protocol connect request.

11. A method as recited in claim 1 wherein the server system comprises one of a
proxy server system and a forward proxy system.

12. A method as recited in claim 1 wherein at least one connection is over the 
Internet. 

13. A method as recited in claim 1 wherein the server system comprises a 
cascaded proxy system, the server system allowing secure connections, insecure 
connections, or both secure and insecure connections, with one or more other server 
systems.

14. In computer network interconnecting a client system, a proxy system, and a
server system, wherein data exchanged over the computer network is subject to being
compromised, a method of negotiating, through the proxy system, a secure end-to-end
connection between the client system and the server system, wherein the client system
securely authenticates to the proxy system, the method comprising the acts of: 

sending a request to the proxy system for a secure connection between the 
client system and the proxy system; 

establishing a secure connection between the client and proxy systems; 

sending a request to the proxy system for a secure end-to-end connection 
with the server system; 

downgrading the secure connection between the client system and the proxy 
system to be insecure after the secure end-to-end connection is established, whereby 
the secure end-to-end connection is encapsulated within the insecure client-proxy 
connection. 

15. A method as recited in claim 14 further comprising the acts of: 
receiving an authenticate challenge from the proxy system; and 

sending, over the secure client-proxy connection, proper authentication 
credentials to the proxy system. 

16. A method as recited in claim 15 wherein the authenticate challenge received 
by the client system is one of a basic and a digest authenticate challenge.

17. A method as recited in claim 14 wherein at least one of the secure
client-proxy connection and the secure end-to-end connection is certificate based.

18. A method as recited in claim 17 wherein at least one of the secure
client-proxy connection and the secure end-to-end connection is one of a secure sockets
layer and a transport layer security connection.

19. A method as recited in claim 14 further comprising the act of receiving a 
certificate from the proxy system, wherein the certificate may be used to verify the identity 
of the proxy system. 

20. A method as recited in claim 14 further comprising the act of sending proper 
authentication credentials to the proxy system, wherein the proper authentication credentials 
sent to the proxy system are certificate based. 

21. A method as recited in claim 14 further comprising the act of transferring 
data to the server system through the secure end-to-end connection. 

22. A method as recited in claim 14 wherein downgrading the secure connection 
between the client system and the proxy system to be insecure comprises the act of setting 
the cipher set for the connection to be a null cipher.

23. A method as recited in claim 14 wherein the request for a secure end-to-end 
connection comprises a hypertext transfer protocol connect request.

24. A method as recited in claim 14 wherein the server system comprises one of
a reverse proxy server system and a forward proxy server system.

25. A method as recited in claim 14 wherein at least one connection is over the 



26. A method as recited in claim 14 wherein the server system comprises a 
cascaded proxy system, the server system allowing secure connections, insecure 
connections, or both secure and insecure connections, with one or more other server 
systems.

27. In computer network interconnecting a client system, a proxy system, and a
server system, wherein data exchanged over the computer network is subject to being 
compromised, a method of negotiating, through the proxy system, a secure end-to-end 
connection between the client system and the server system, wherein the client system 
securely authenticates to the proxy system, the method comprising steps for: 

negotiating a secure connection between the client and proxy systems; 

negotiating a secure end-to-end connection between the client and the server 
system using the secure client-proxy connection; 

altering the secure client-proxy connection so that it is no longer secure; and 

encapsulating the secure end-to-end connection within the insecure
client-proxy connection. 

28. A method as recited in claim 27 further comprising a step for authenticating 
the client system to the proxy system, wherein the step for authenticating comprises an act 
of either the client system sending or the proxy system receiving, proper authentication 
credentials including at least one of a basic authenticate challenge response, a digest 
authenticate challenge response, and a certificate. 

29. A method as recited in claim 27 wherein the step for negotiating a secure 
connection between the client and proxy systems comprises the act of the client system 
receiving or the proxy system sending a certificate, wherein the certificate may be used to 
verify the identity of the proxy system.

30. A method as recited in claim 27 wherein at least one of the secure
client-proxy connection and the secure end-to-end connection is certificate based.

31. A method as recited in claim 30 wherein at least one of the secure 
client-proxy connection and the secure end-to-end connection is one of a secure sockets 
layer and a transport layer security connection. 

32. A method as recited in claim 27 wherein the step for altering the secure 
client-proxy connection comprises the act of setting the cipher set for the connection to be a 
null cipher, thereby downgrading the client-proxy connection to be insecure. 

33. A method as recited in claim 27 where the step for negotiating a secure 
end-to-end connection comprises the act of either the client system sending or the proxy 
system receiving a hypertext transfer protocol connect request.

34. A method as recited in claim 27 wherein the server system comprises a 
cascaded proxy system, the server system allowing secure connections, insecure 
connections, or both secure and insecure connections, with one or more other server 
systems.

35. In computer network interconnecting a client system, a proxy system, and a
server system, wherein data exchanged over the computer network is subject to being
compromised, a computer program product for implementing a method of negotiating,
through the proxy system, a secure end-to-end connection between the client system and the
server system, wherein the client system securely authenticates to the proxy system, 
comprising: 

a computer readable medium for carrying machine-executable instructions 
for implementing the method; and 

wherein said method is comprised of machine-executable instructions for a 
proxy system performing the acts of: 

receiving a request from the client system for a secure connection 
between the client system and the proxy system; 

establishing a secure connection between the client and proxy 
systems; 

receiving a request from the client system for a secure end-to-end 
connection with the server system; 

forwarding the client system request for a secure end-to-end 
connection to the server system; and 

downgrading the secure connection between the client system and the 
proxy system to be insecure after the secure end-to-end connection is
established, whereby the secure end-to-end connection is encapsulated within
the insecure client-proxy connection.

36. A computer program product as recited in claim 35, the method comprised
further of machine-executable instructions for performing the acts of:

issuing an authenticate challenge to the client system; and
receiving proper authentication credentials from the client system.

37. A computer program product as recited in claim 36 wherein the authenticate 
challenge issued to the client system is one of a basic and a digest authenticate challenge. 

38. A computer program product as recited in claim 36, the method comprised 
further of machine executable instructions for performing the act of sending a certificate to 
the client system, wherein the certificate may be used to verify the identity of the proxy 
system. 

39. A computer program product as recited in claim 36 wherein at least one of 
the secure client-proxy connection and the secure end-to-end connection is certificate based.

40. A computer program product as recited in claim 39 wherein at least one of 
the secure client-proxy connection and the secure end-to-end connection is one of a secure 
sockets layer and a transport layer security connection. 

41. A computer program product as recited in claim 35, the method further 
comprised of machine-executable instructions for performing the act of receiving proper 
authentication credentials from the client system, wherein proper authentication credentials 
received from the client system are certificate based.

42. A computer program product as recited in claim 35, the method further
comprised of machine-executable instructions for performing the act of transferring data
between the client system and the server system through the secure end-to-end connection.

43. A computer program product as recited in claim 35, the method comprised
further of machine-executable instructions for performing the act of setting the cipher set for 
the secure client-proxy connection to be a null cipher, thereby downgrading the client-proxy 
connection to be insecure. 

44. A computer program product as recited in claim 35 wherein the request for a 
secure end-to-end connection comprises a hypertext transfer protocol connect request. 

45. A computer program product as recited in claim 35 wherein the server system 
comprises one of a reverse proxy server system and a forward proxy server system. 

46. A computer program product as recited in claim 35 wherein at least one 
connection is over the Internet. 

47. A computer program product as recited in claim 35 wherein the server system 
comprises a cascaded proxy system, the server system allowing secure connections, insecure 
connections, or both secure and insecure connections, with one or more other server 
systems.

48. In computer network interconnecting a client system, a proxy system, and a
server system, wherein data exchanged over the computer network is subject to being 
compromised, a computer program product for implementing a method of negotiating, 
through the proxy system, a secure end-to-end connection between the client system and the 
server system, wherein the client system securely authenticates to the proxy system, 
comprising: 

a computer readable medium for carrying machine-executable instructions 
for implementing the method; and 

wherein said method is comprised of machine-executable instructions for a 
client system performing the acts of: 

sending a request to the proxy system for a secure connection between 
the client system and the proxy system; 

establishing a secure connection between the client and proxy 
systems; 

sending a request to the proxy system for a secure end-to-end 
connection with the server system; and

downgrading the secure connection between the client system and the 
proxy system to be insecure after the secure end-to-end connection with the 
server system is established.

49. A computer program product as recited in claim 48, the method comprised
further of machine-executable instructions for performing the acts of: 

receiving an authenticate challenge from the proxy system; and 
sending proper authentication credentials to the proxy system. 

50. A computer program product as recited in claim 49 wherein the authenticate 
challenge received by the client system is one of a basic and a digest authenticate challenge. 

51. A computer program product as recited in claim 48, the method comprised 
further of machine-executable instructions for performing the act of receiving a certificate 
from the proxy system, wherein the certificate may be used to verify the identity of the 
proxy system. 

52. A computer program product as recited in claim 48 wherein at least one of 
the secure client-proxy connection and the secure end-to-end connection is certificate based. 

53. A computer program product as recited in claim 52 wherein at least one of 
the secure client-proxy connection and the secure end-to-end connection is one of a secure 
sockets layer and a transport layer security connection.

54. A computer program product as recited in claim 48, the method comprised 
further of machine-executable instructions for performing the act of sending proper 
authentication credentials to the proxy system, wherein the proper authentication credentials 
sent to the proxy system are certificate based.

55. A computer program product as recited in claim 48, the method comprised
further of machine-executable instructions for performing the act of transferring data 
between the client system and the server system through the secure end-to-end connection. 

56. A computer program product as recited in claim 48, the method comprised 
further of machine-executable instructions for performing the act of setting the cipher set for 
the secure client-proxy connection to be a null cipher, thereby downgrading the client-proxy 
connection to be insecure. 

57. A computer program product as recited in claim 48 wherein the request for a 
secure end-to-end connection comprises a hypertext transfer protocol connect request. 

58. A computer program product as recited in claim 48 wherein the server system 
comprises one of a reverse proxy server system and a forward proxy server system. 

59. A computer program product as recited in claim 48 wherein at least one 
connection is over the Internet. 

60. A computer program product as recited in claim 48 wherein the server system 
comprises a cascaded proxy system, the server system allowing secure connections, insecure 
connections, or both secure and insecure connections, with one or more other server 
systems. 
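
The ordering that the independent claims rely on can be checked with a small state model. The following Python sketch is an added example, not part of the claims or of any implementation by the applicant; the class `ProxySession`, its method names and the `run` helper are hypothetical. It rejects any sequence in which credentials or the connect request would travel outside the secure client-proxy connection, or in which the downgrade to a null cipher happens before the end-to-end connection exists.

```python
from enum import Enum

class Outer(Enum):
    PLAIN = "plain"        # no secure client-proxy connection yet
    SECURE = "secure"      # client-proxy connection protected by a real cipher
    NULL = "null-cipher"   # client-proxy connection downgraded (claims 9, 22, 32)

class OrderingError(Exception):
    """A step was attempted in an order that would expose data in the clear."""

class ProxySession:
    """Hypothetical model of one client session as the proxy sees it."""

    def __init__(self):
        self.outer = Outer.PLAIN
        self.authenticated = False
        self.connect_forwarded = False
        self.inner_established = False

    def establish_outer(self):
        self.outer = Outer.SECURE

    def receive_credentials(self, scheme):
        if scheme not in ("basic", "digest", "certificate"):
            raise ValueError(f"unknown scheme: {scheme}")
        if self.outer is not Outer.SECURE:
            raise OrderingError("credentials outside the secure client-proxy connection")
        self.authenticated = True

    def forward_connect(self):
        if self.outer is not Outer.SECURE:
            raise OrderingError("CONNECT outside the secure client-proxy connection")
        self.connect_forwarded = True

    def complete_inner(self):
        if not self.connect_forwarded:
            raise OrderingError("no CONNECT was forwarded to the server")
        self.inner_established = True

    def downgrade_outer(self):
        if not self.inner_established:
            raise OrderingError("downgrade before the end-to-end connection exists")
        self.outer = Outer.NULL

def run(steps):
    """Apply (method_name, *args) steps; return (session, error message or None)."""
    session = ProxySession()
    for name, *args in steps:
        try:
            getattr(session, name)(*args)
        except OrderingError as exc:
            return session, str(exc)
    return session, None

# Order recited in claims 1 and 2: secure outer, authenticate, CONNECT, inner, downgrade.
CLAIMED_ORDER = [("establish_outer",), ("receive_credentials", "digest"),
                 ("forward_connect",), ("complete_inner",), ("downgrade_outer",)]
```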